Reputation: 8084
Security warning Parent website is http but iframe is https
We are third party widget proving services company for payment (for example). PARENT website can add our widget built in ASP.net MVC -5 in their iframe. Our widget URL is completely secure (https) but the parent website where its getting embedded is not. Now that parent website is used by 100's of people to make the payment. Problem is they see that the whole website is not "SECURE". they cannot see that the iframe where they are making payment is secure. Is there any way I can solve this issue. How can I make the parent website detect that the iframe its using is HTTPS hence make the whole page as secure. Or if there is another way to handle it then please guide me.
Parent - http
iframe - https
users : scared of making payments
Upvotes: 0
Views: 258
Answers (1)
Reputation: 239250
You can't, because it's in fact not secure. HTTPS only provides protection if it's HTTPS all the way. If any part drops to HTTP, the whole channel is insecure.
Tell your clients to implement SSL to protect their users. If they choose not to, there's not really anything you can do about it. It might be worth updating your terms of service to indemnify your organization against damages should your clients not utilize SSL and some sort of breach should occur because of that, when using your widget. Basically, transfer the legal responsibility to the client.
Upvotes: 1
Related Questions
- Insecure content in iframe on secure page
- How to deactivate security warning error (generated because of SSL) via coding in a web application
- iframe blocked as insecure content, even though the iframe is HTTPS
- HTTPS iframe within an HTTP page, how can I stop that?
- How to make a page with an HTTPS iframe appear secure
- Mixed Content strange https issue with https iframe
- HTTP iframe on HTTPS page
- How can using https in an iframe be secure?
- security warning window in IE pops up on https page
- Security error in cross domain iframe